I would like to welcome our first speaker. I know him for a couple of years now from my other life in research, and he's one of the most important brains in the security and privacy area. He's been the technical leader of a number of EU projects related to privacy technology. Please welcome. So how long have you been with eBay? IBM now
Becoming 16 years, just in a, in a month,
16 years of IBM and all, all in research,
All in research,
All in research. Have you been doing something else and privacy and cryptography?
No privacy. So all my life here, well before IBM at IBM.
And I'll be working on it in the next couple of years as well, I guess.
Okay. So you real expert, I'll be looking forward then to your presentation. Thank you. Thank you very much.
Good morning, everybody. So today I would like to speak to you about cryptography for the people. So I guess as we all have like more documents that we deal with electronically, this might be well, our music, our movies that we watch, but it also might be our health records. It might be our insurance policy policies.
It might be our contract with customers, our data that we have from our businesses that we deal with on our bringing your own devices, our company laptops, we use those data. We process those data with various devices. This might be our mobile phones. It might be our laptop office computers. It might be our, our tablets. We all store the data somewhere in the cloud, but when it sort of comes to how to secure those data, I think it's quite difficult today, how to do it. We're sort of left alone.
And I think our companies, our suppliers don't really help us here because they all try to shift it towards the user that everybody has to manage their data, their security themselves, and to make things even worse. It sort of has become on VO that that people have to manage their data themselves. So many companies sort of shifting out the paper documents on the, the it world, but giving the users account to log in and manage their data. So I just got a mail last week from my insurance companies says, well, okay, we don't send you any papers anymore.
Here is you log in, please manage stuff yourself. And that happens with like all similar companies as well.
So for, for the users here, I think it's more like we have a problem. It's it's like walking on the moon. I'm not quite sure what I should be doing.
And actually I chose this picture because buzz Aldrin's foot prints are still up there on the moon.
And to me, that sort of exemplifies the problem we are having. Namely sort of computers are very much like the moon, whereas the humans are, we are used sort of to the Sandy beach. And the issue here is that, well, Bo Aldrin's foot swims foot prints are still there up in the lunar dust. And the lunar dust is quite different from the Sandy beach that we are used to where, where sort of aim the footsteps get washed away after a while. And so as humans, we more like the Sandy beach. We forget things maybe far too quickly.
And well, if you have things on paper, paper, it sort of collects dust in the drawers. Whereas computers, I mean, we store data forever. Data storage becomes cheaper. We just stored by default, we collect data.
This might be security cameras. It might be our, our logs from our wifi access. I guess you all all know that also data mining gets ever better. So what companies, what the algorithms can find out about us, what we're doing get even better, like advertising gets very well targeted. Some of the things are of course, nice.
I mean, if we can analyze big data, we, we can predict academia can predict the spread of diseases. We can maybe find out the best cure for, for cancer. So that that's, that's very good. But I guess for us, as, as humans, it makes it very difficult to navigate in that space. And moreover, I think the way we build applications today, we built them very much with, with our paper based world in mind, and we don't really build them for the moon. So we're having an issue there. And I think the issue really is that sort of the digital world, the electronic world is, is quite different.
And we are sort of not quite used to that.
Indeed's sort of figuring out where all the data goes is, is very hard to understand, even, even to experts and well, the devices, the operating systems, apps, they're all getting more complex. It gets meshed up. There's all these complex ad networks. And as a user use those things, it's not visible. You just see a screen and that's, that's all you see your data is there on my screen, but what goes on behind you cannot charge.
And well, honestly you should not be able to have to do that, but then how can you manage those things? How can you make sure that things are secure when you use those devices? And I guess the cloud makes it even worse.
I mean, the cloud of course is, is very helpful. It sort of virtualizes all those machines. You don't have to deal with machines buying machines anymore, but that also means that where data is processed, applications are moved around all the time can easily moved around.
It can be moved around between borders. And so you lose even more control. So I guess it now, and in this kind of world, it's far too easy to lose data, to lose control over data. And also it's far too easy to collect data to store and, and process data.
So what, what can we do, I guess most of you know, the quote, you have no price, you get over it from son's Exco, but I think that's exactly not the point. And you also hear now the NSA has all our data anyway.
I mean, if you see all the recent revelations, that's what people take from it. Well, if, if they can collect the data anyway, why should I care? Also most people's well have nothing to hide here, but I think that that's a really misconception well, because it is a huge well privacy problem, but also a huge security problem.
I've just put some figure down here that, that defense from like an RSA report.
And so for, for, for instance, if you want to get like a million of hacked passers get hacked by, by the millions, you you've all known, know that you're all afraid of that, but actually there's a big black market for that. So for instance, if you wanna buy a hundred thousand followers for, for Twitter, like in 2013 cost, you would cost you $115 or like stolen entities. And these figures are actually interesting because in 2005, a stolen identity was 150 bucks. Then the price has come down to like five bucks in 2013. So what does that mean?
It doesn't mean that an identity has become worse, less. It means it's a well-functioning market because prices have come down. So it means that there's a lot of data around there. It's easy to catch, get this data.
And so you should probably better protect them. But I guess in general, it's very difficult to put exact figures down because I mean, people are not reporting them, but I guess we, we just know that it's going on like that. And we should probably protect ourselves.
And to me, I mean, it wasn't surprising that that like com or like organizations like the NSA collect data that, that try to figure out what's going, going on here. Think what was interesting is how easy it is today to collect all this data. The NSA did not need to break any crypto. They don't have like better cryptographers than anybody else in the world. All the crypto we're using is quite secure. They managed to like collect the data at all other places. So mostly where data is addressed, where data stored, the communication is mostly secure.
Not always because that could be intercepted as well.
And so I think what we should be worried about is not that the NSA can do it, but that it is so easy to collect all this data and that other parties under maybe less political control can do the same thing as well.
Last bit, not least data are the new money, so maybe we should protect them better than what we do now. So what does mean? So I think, and for now these are just principles, but later on, I also wanna tell you about what kind of crypto exists today that we actually can just use to achieve those goals.
So, first of all, I think when we build applications, we should really build them in a way, as I said, for, for the moon, being aware that data can easily be, be lost. And so we should build applications that we do not require more data than we actually need.
So when, when we interact or when for some service users have to provide some data, when at the end of the day, users of course need to be authenticated, need to be authorized to do something and users have to pay, but they should be able to do that without only revealing the information that they really need. And of course, may maybe you wanna offer them some, some kind of tailored products and stuff like that, but, but that that's still possible. And actually here sort of crypto can do both things because although it might seem paradoxical, we can actually achieve that.
So I think when we do applications, we should not design them with our paper based world in mind. But we have to think about how we would build that for, for different environment, like the moon instead of the Sandy beach.
Well, the second thing that we need to do is we should really encrypt Arabic and not only in transit, but also when it's stored.
So in something, some sense, the data should never be not encrypted. It should be always be encrypted. And so we should encrypt it when we process it, we should process it in encrypted form, not have it in clear somewhere and up top of encrypting the data. We should also attach like a usage policy with it, such that we know where this data can be, can travel, where it should not travel, what we can do with the data, and then actually stick to that policy.
Of course, that means we, we still have to manage the keys carefully because I mean, encrypting the data only solves the problem. Partially we have like a lot of data that we can encrypt and we have a key that we still need to manage. So of course that we, we need to figure out how to do that also.
I mean, as you I'm sure know, like cryptographic algorithms in part particular like symmetry algorithms tend to get broken from, from time to time.
Like for, for Shavan, that's being phased out and many applications in the past were just hard coding, cryptographic algorithm in the applications themselves, and then have a huge problem when they need to change that. So when we, when we build application, we should use the cryptographic algorithms, not like a specific one, but more like a cloud. Now here I need the block side for here.
I need digital signature scheme and just use them like that so that we can actually swap in and out different algorithms and well, the quantum computers, I mean, we don't have them today. Maybe we don't have them ever, but maybe we have them in five years. And if that will be the case, if you have them in five years and only a single computer, or like maybe a couple of computers at some places are enough to break all the crypto that we're using today.
And so at least then we have to swap out all, all the crypto uses today.
So RSA will no longer be secure DSA digital design algorithm will no longer be secure. So we have to do something here. So I was saying, okay, we have to manage our keys.
And again, I think at the end of the day, our users have to manage your keys. You have to encrypt your email, but then, then you have to manage those keys. And that's actually today still very hard problem. Somehow we have to ask humans, we, we cannot do crypto in our hands. We have to somehow, and you cannot also remember keys. We cannot remember like short passwords, maybe pass phrases at best. And so the question is how can we as users use that crypto? That's what I really mean by, by crypto for people. How can we do that?
And the problem here is like current approaches.
I think don't really work very well. I mean, smart cards, hardware token, we lose them their hard to roll out passwords or dads, because as you said before, like you read the every day in the news that so, and so many million passwords got stolen and broken, so that doesn't quite work biometrics.
Well, maybe it works. Maybe not, I think rather or not because already today, if you have a good digital camera to take a picture from very far and you get my fingerprint and with that, you can unlock my phone and stuff. So that doesn't quite work either. So we have to find some solutions here as well. And I'm giving you a couple of examples here also. Okay. So I think we have to have here.
The, the technology actually really helps the user dealing with all this data, having the, the user in the mind without sort of exposing them to all the technology.
And I think what some companies now do that they try to offload the management of their data just to the users that they all use, like a Facebook account to do the user authentication. That's really the wrong way we are heading. And then we should switch here and try to help our users because at the end of the day, the users still the weakest link here.
And if systems get broken, quite often, they get broken because of social engineering. You try to spear fish and try to order things. And so we have to do something here. So what can we do?
And here, I just can give you a couple of examples. What cryptography today can do that is quite different from what you probably know from, from the past where we just encrypt and science stuff. And it's really just a couple of examples.
I mean, I could talk the whole day here about what crypto could help, what different protocols exist today. So the first thing is when you do, when we talk about data minimization, how can I authenticate? How can I get authorized in the digital world without revealing to many information like today? People what they think is okay. So we have like a, in the real world when I wanna watch a somewhere and the movies say like Alexei Wonderland, you have to be over 12 in order to watch Alexei Wonderland. So people think, well, okay, take out your identity card, show your identity card.
And then the other end, the, the movie rental store will just verify that, that you are over 12. And then we just do that digitally. Okay. I have a digital certificate, we design it digitally and it all works. Now the promise that that reveals too much information.
If we have like teenagers that do that, we have all the older data there and we should really, again, pro protect them better. And so here, look at privacy, attribute based credentials can actually do that.
So with crypto, what we can do is we can issue those certificates so that that's here in this cloudy bubble that Alexei user here thinks about. So she got digital certificate issued with this more fancy crypto here. And when then she later wants to watch a movie online. So the movie rental service just tells the look, instead of proof to me who you are, maybe log in with Facebook.
Now, the user, the, the just tells the user, okay, you have to prove me that you're older than 12 in order to watch that. Now our user is just happy.
She, she takes her digital certificate, but now instead of just sending the certificate over and revealing all the information on it, what you can do is you actually can use some crypto transform the certificate into a new one that will just contain the fact that she's older at 12.
And so that actually works. And we have a session later today, a workshop where we sort of discussed this kind of technology. So if you wanna learn about more about that, please join us later on in one of those workshops. So crypto can do other amazing things. So here an example, how we can still use passwords.
And actually personally, I do believe that passwords are not that I think that they're about the only thing that, that we as users can really manage. And actually for, for my banking card, for, for the ATM, I have like a four digit pin. I use it since 16 years and I did not have any problem whatsoever. And so that sort of shows quite well what the issue is.
So the, the way we use passwords today is just the wrong way, because what gets stored some, some cash password information somewhere online.
And if that thing is lost, we can just try all the different passwords versus my banking card. When I enter it three times wrong, the car gets swallowed and actually crypto helps us to sort of do the same thing online as well. And the idea here is that you sort of distribute password verification over a number of servers, such that none of them by itself has all the information. So if one of the servers get hacked, you just get, get random garbage.
And so do the protocol such that when Alexei logs in enter her password, well, of course she has to enter on, on the keyboard. So there it's sort of vulnerable, but you would not store anything. And then this whole verification process, you do not transmit any information that is just depends solely on the password. So if an Troper gets any of those messages hacks in, in one of the servers, they cannot do like an offline attack and just try all the different passwords.
And of course, we can also do other things we can do sort of strong authentication with them, with them, because once we have sort of authenticated to one of those devices, we could also share our secret keys among those servers, our device, in a similar way, we could also do like distributed encryption decryption. We could have like a password vault that manages all our, like throwaway online and passwords that we use with the different services.
So in some sense, what you actually can do is like a virtual smart card, like a, a software smart card that is as secure as like a normal hardware smart card. So crypto can do that. And we've developed a number of protocols that work for that.
I mean, they just go and look at the cryptographic literature and you find lots of protocols that actually achieve that. Okay. So how can we secure the cloud?
So if we have all the data out in the cloud, well, again, if you just put it out in, in the cloud, it's very bad because you lose, lose control, you have to trust those companies, but do you really trust all their intrusion detection, schemes? Do you really trust all their virals and things go bad?
I mean, people lose hard disc people lose data. And so we should rather somehow protect it all in the cloud. And of course, now, as we know how we can go from passage to strong cryptographic keys, we could just encrypt the data in the, in the cloud and be happy. But then typically what people think, well, okay, it's encrypted now. We can no longer use it, but also here cryptography actually can help you. And probably many of you have heard about the fully homomorphic encryption, which is like an encryption scheme, such that if you encrypted, you can still do operations on that.
So the user can encrypt the data, put it in into the sky, then tell the cloud server. Well, okay, now I wanna know the average of all the, all the figures that encrypted, please compute that for me and, and send it back to me. And so the cloud server could just do that and then send back Dell, stay decrypted domain, but send it back to the user thereafter. And the user would just have to decrypted result. So fully home encryption can achieve that. Unfortunately today it's, it's practical only for, for sort of very simple computations, but already for very simple complications, it works.
However crypto can do more here. So we have like something, a tool called multipart computation. The idea here is that you sort of simulate what fully homomorphic encryption is. You just share out the data again on many servers, such that none of them has the data by itself, but together they somehow have enough information to reconstruct the data.
And here actually we can do distributed computations, such did always remains secure. And then again, delivered the result back to the user.
Now this you could use in the cloud, but could also use it just internally to sort of prevent hackers to, to steal the data when you have them in inside your company. Okay. So let me rather wrap up. So I think we should engage into some rocket sciences where we should start building our applications with like, sort of the different environment, like for the moon in mind, we should use the crypto that is readily available and protect ourselves from all the attacks that are happening and sort of build nice and secure future digital work that we can all easily use. Thank you very much.
Thank you, Michael much, very short question. Five years, quantum computers said, do you think this is realistic?
Well, so we have this nanotech lab at IBM in Zurich and they invite all this physicists. And actually the most scary thing I heard from them was that like all different parts that are needed for such a computer are sort of available all over the world. But of course, it's notoriously hard to bring all those things together. And the five years, I think it's very optimistic, but, but who knows? Right? Just
Needs break, but you presented is gun, right? So this is all based on security of mathematical problems that have
Some
Of it is gone one way functions.
Yeah.
I mean, personally, of course, I'm not hoping that we have in five years. I mean, it would be, I think we should better think about it now. I think that there is more like a call to research. We should working very hard, make new algorithms, so we know how to do signatures. We know to how to do encryption. We know to do how to do some fancy protocol, but, but all of what I have said we can do yet, but I think we're getting there. We're hope we have more than five years available, available for that.
Thank you very much.
Thanks.
